Pentagon eases secrecy over cloud contract as Amazon rivals fret

The Pentagon defended its planned winner-take-all award for a multibillion-dollar cloud computing contract, calling the effort to choose a single provider the best approach for "rapidly delivering new capabilities" to U.S. forces deployed worldwide.

The report demanded by Congress is the Defense Department's first detailed rebuttal to an alliance of technology companies that says the award to one bidder would be all but certain to go to Amazon.com, the dominant provider of cloud computing services. A final request for proposals is expected as soon as this week.

Scattering Defense Department information "across a multitude of clouds" would inhibit "the ability to access and analyze critical data," the department said in the 15-page report sent to congressional defense committees last week. Moreover, the "lack of a common environment for computing and data storage" would limit the effectiveness of machine learning and artificial intelligence for warfighters.

The report was initially labeled "For Official Use Only," restricting its public release. After complaints from congressional staff and an inquiry by Bloomberg News, Pentagon officials removed the restriction for everything except projected spending figures for the next five fiscal years. Bloomberg News obtained the report plus the spending figures, which show the Pentagon plans to spend $1.63 billion on cloud computing through fiscal 2023.

Without commenting on the merits of the Pentagon's arguments, a technology industry group greeted the report as a step forward in a process it's criticized as secretive. "Our objective was to get answers to questions posed by the sector," Trey Hodgkins, a spokesman for the Information Technology Alliance for Public Sector, said in a statement Monday.

The alliance has said a winner-take-all award "dilutes the benefits of best practices, strongly increasing the likelihood of vendor and technology lock-in, and negatively impacting innovation, costs, and security."

Oracle is leading the effort to prevent a winner-take-all award, according to people familiar with the matter. The loose coalition of companies pushing for the contract to be sliced into multiple awards also includes Microsoft and International Business Machines, the people said.

Lawmakers required the report in this year's $1.3 trillion omnibus spending bill in an effort to create more transparency in the Pentagon's plans for what's become a contentious, rumor-rich contest to provide online data storage, or a "centralized data lake," for the military's 3.4 million users and 4 million devices.

It projects spending of $393.1 million in the year that begins Oct. 1, $500.3 million in fiscal 2020, $240 million in fiscal 2021, $249 million in fiscal 2022 and $244 million in fiscal 2023.

Those estimates don't specify how much of the $1.63 billion would be spent on the cloud-computing initiative that's been give a name inspired by "Star Wars"-- the Joint Enterprise Defense Infrastructure, or JEDI cloud. But it says the funding includes a total of $420 million through 2020 "to accelerate the migration of IT systems and data to the cloud" -- $160 million in fiscal 2019 and $260 million in 2020.

The Pentagon has said its contract award will be limited to an initial two years with options that could extend it to as long as a decade. While critics say the Defense Department is unlikely to start all over with a new vendor after two years, it said in the new report that it'll include "multiple mechanisms" to avoid such "vendor lock."

These will include maintaining data in "containers" that can be moved, and requiring the winning contractor to "provide a detailed portability plan."

The contract's three-year and five-year extensions "will only be exercised if doing so is the most advantageous method for fulfilling the DoD's requirements," according to the report.

The Pentagon has been dismissive at times of demands that it justify its winner-take-all plans for the cloud contract. In posting answers in April to 1,089 questions raised by 46 companies, a question about the reasoning behind a winner-take-all award brought a succinct response: "This rationale is not going to be published at this time."

The department said in the new report that it "expects to maintain contracts with numerous cloud providers to access specialized capabilities."

But using multiple vendors for the centralized data repository would create costly challenges such as reaching "remote locations with limited or no bandwidth," the department said, and would "likely multiply installed equipment, in places like forward operating bases or naval vessels where space is limited, without commensurate increases in capabilities."

Likewise, "while security of data within clouds is largely standard and automatic, managing security and data accessibility between clouds currently requires manual configuration that is prone to human error or resource limitation and therefore introduces potential security vulnerabilities," the Pentagon said in the report.

It cited disadvantages of what are now 500 individual cloud efforts, "reminiscent of DoD's current legacy information technology environment, which are not optimized for the 21st Century."

Once a cloud winner is selected, the department said, it intends to take baby steps, or "proof point validations," to evaluate the winner's cloud services and the transfer of software applications. The Navy, Marine Corps, U.S. Transportation Command and the Defense Media Activity, which handles internal communications, will be the first test cases.